DoL Website Hijack Owing to Fresh 0-day Vulnerability

The hacking attack, which hijacked an online site of DoL (Department-of-Labor) of the United States, recently, occurred due to one fresh 0-day security flaw (CVE-2013-1347) impacting Internet Explorer 8 (IE8) rather than a patched flaw that security experts initially thought, published infosecurity-magazine.com dated May 6, 2013.

The experts who found the hijacked DoL website said that it was hosting malware, understandably, one Poison Ivy variant, which was certain RAT (remote access Trojan). According to AlientVault, the command and control protocol as well looked like a backdoor Advanced Persistent Threat (APT) from China, known as DeepPanda. At first, the researchers of AlientVault along with other companies said that the abused security flaw happened to be a familiar vulnerability namely CVE-2012-4792, inciting severe queries vis-à-vis security protocol, however, currently, it was validated that the culprit was the zero-day flaw.

Moreover, it was FireEye, which reported to Microsoft about the fresh discovery following which the software major substantiated that one 0-day exploit was affecting IE8 because of which the hacks occurred against the U.S.' DoL.

Microsoft blogged via an advisory that the zero-day vulnerability allowed execution of remote code and that its existence was within the manner IE gained admission into an item within memory, which was already erased alternatively hadn't been appropriately distributed. V3.co.uk published this dated May 6, 2013.

Microsoft further wrote that the security flaw might damage memory such as to let a cyber-attacker run random malware while the existing end-user ran IE. The attacker could float one maliciously-created website, which abused the flaw via IE, followed with cajoling the end-user towards accessing that website.

Every edition of Windows XP was impacted, as well as Windows Server R2, 2008 and 2003, the security advisory added.

Meanwhile, according to Microsoft, it was presently examining the exploit for which a patch could get issued through the forthcoming Patch Tuesday publication alternatively via an Emergency upgrade.

Till then, Microsoft suggests users to make their Web-browsers up-to-date. Nevertheless, incase that's not possible because of software, which needs the Web-browser, then they must disable the security configurations of their browsers so system hacks or data loss can be mitigated.